Beyond FCPA: A look at the emerging compliance landscape

The global anti-corruption landscape has changed considerably over the course of the last 10 years. A decade ago, anti-corruption legislation generally sat dormant, investigations were limited and enforcement actions even more so. Since then, aggressive enforcement of the Foreign Corrupt Practices Act (FCPA) propelled many companies to adopt significant anti-corruption compliance measures. But the landscape is shifting again, and the changes in the next decade could be more drastic than those in the last one.

Before peering into the future, it is helpful to consider the recent past. In response to FCPA enforcement, many companies went from rudimentary or non-existent compliance programs to expensive, overly-comprehensive programs. Risk-averse legal and compliance teams often required U.S.-based employees with limited or no international responsibility to undergo lengthy corruption trainings, and third party due diligence programs did not always tier third party relationships based on risk. Compliance departments became viewed internally as transaction costs instead of informing business decisions, creating value and protecting the business.

More recently, companies have begun reverting to the compliance mean. Bulky programs have been replaced with smarter, risk-based compliance regimes that take better advantage of guidance from the key enforcement agencies — including the FCPA Resource Guide issued in late 2012 — and spend budget more strategically.

But just as FCPA compliance has shown signs of maturing, the global legal landscape has become more fluid. Around the world, countries are enacting new legislation, expanding existing laws and stepping up enforcement. Canada recently expanded the reach of its Corruption of Foreign Public Officials Act. Brazil enacted the Clean Company Act. China has begun a very public anti-corruption crackdown. In these places and others, prosecutors and judges are taking new tools out for a spin, and we’re only just starting to see how this might work in practice.

Take Brazil, for example. The Clean Company Act took effect in January 2014, is similar in scope to the FCPA and imposes fines of up to 20 percent of gross revenues. Of particular interest (and concern) is the decentralized nature of enforcement, which authorizes the federal government, states, municipalities and a range of government agencies to bring actions under the law. This raises a host of questions about capacity, capability and expertise, as well as potential competing actions by different enforcement authorities relating to the same event.

In some respects, the complexity of the Brazilian enforcement regime seems likely to be mimicked on the international stage. As governments pass new anti-corruption laws and create new government agencies, parallel investigations among multiple enforcement agencies will almost certainly involve inconsistent demands and tension among disclosure to various authorities, including how to handle filing investigative findings with the need to keep confidential and privileged information out of the public domain.

In the settlement with Total SA earlier this year, for example, a U.S. investigation was paralleled by an investigation by French authorities. While there is some limited evidence of cooperation across the pond, it seems quite possible that cooperation among U.S. and European authorities will expand to include authorities in jurisdictions in which the acts actually occurred. Why shouldn’t those enforcement agencies take action if the illegal acts occurred within their borders?

One of the main drivers for broader cooperation is the scale of the problem: The World Bank estimates USD 1 trillion in bribes are paid annually. No single jurisdiction can possibly get visibility into even a small fraction of that amount. Enhanced global enforcement seems a plausible response. Judges and prosecutors that have been historically weak enforcers of their local anti-corruption and anti-bribery legislation have new tools, and broader public awareness and scrutiny may encourage those officials to utilize them.

Big questions remain unanswered, particularly around resources and commitment to investigations by local authorities and the extent of potential cross-border cooperation. Until answers come into focus, it will undoubtedly prove to be an uneven and unpredictable time.

Nevertheless, an era of tightening enforcement is clearly upon us, and compliance officers will need to tread carefully. There are tangible costs for both over and under reacting to compliance challenges, which will be especially acute for companies operating in complex and opaque environments. The enforcement agencies that legal and compliance teams deal with today may not be the ones they grapple with tomorrow.

How can companies limit their risk in this evolving landscape? Some basic measures can help:

Closer monitoring of the legal and enforcement landscape — and even local media — may reveal trends about the direction of the industry. Incorporating that information into a company’s risk assessment process can help it stay ahead of the curve.

Careful planning ensures local managers in each jurisdiction are prepared to deal with local authorities, even unexpectedly. Planning can include proper documentation and data preservation that can greatly protect a company’s legal rights.

Shoring up internal due diligence procedures and more vigilant enforcement of third-party compliance and contractual expectations limits a company’s exposure.

Finally, changes in local risk landscapes should be regularly communicated to boards and senior management, who can provide additional resources and support as conditions require.

None of these measures is failsafe, but each represents an ounce of prevention. Companies that prepare for a more uncertain compliance environment are less likely to become the cautionary tales of the next decade.